add TokenFileAUth which reloads token if it expires

Author: zshihang

src/KubernetesClient/Authentication/TokenFileAuth.cs

@@ -0,0 +1,31 @@
+using System;
+using System.Net.Http.Headers;
+using System.IO;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Rest;
+
+namespace k8s.Authentication
+{
+    public class TokenFileAuth : ITokenProvider
+    {
+        private string _token;
+        internal string _token_file { get; set; }
+        internal DateTime _token_expires_at { get; set; }
+
+        public TokenFileAuth(string token_file)
+        {
+            _token_file = token_file;
+        }
+
+        public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
+        {
+            if (_token_expires_at < DateTime.UtcNow)
+            {
+                _token = File.ReadAllText(_token_file).Trim();
+                _token_expires_at = DateTime.UtcNow.AddSeconds(60);
+            }
+            return new AuthenticationHeaderValue("Bearer", _token);
+        }
+    }
+}

src/KubernetesClient/KubernetesClientConfiguration.InCluster.cs

@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using k8s.Authentication;
 using k8s.Exceptions;
 
 namespace k8s
@@ -42,15 +43,14 @@ public static KubernetesClientConfiguration InClusterConfig()
                     "unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined");
             }
 
-            var token = File.ReadAllText(Path.Combine(ServiceAccountPath, ServiceAccountTokenKeyFileName));
             var rootCAFile = Path.Combine(ServiceAccountPath, ServiceAccountRootCAKeyFileName);
             var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
             var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
 
             return new KubernetesClientConfiguration
             {
                 Host = new UriBuilder("https", host, Convert.ToInt32(port)).ToString(),
-                AccessToken = token,
+                TokenProvider = new TokenFileAuth(Path.Combine(ServiceAccountPath, ServiceAccountTokenKeyFileName)),
                 SslCaCerts = CertUtils.LoadPemFileCert(rootCAFile),
             };
         }

tests/KubernetesClient.Tests/TokenFileAuth.cs

@@ -0,0 +1,31 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using FluentAssertions;
+using k8s.Authentication;
+using Xunit;
+
+namespace k8s.Tests
+{
+    public class TokenFileAuthTests
+    {
+        [OperatingSystemDependentFact(Exclude = OperatingSystem.OSX | OperatingSystem.Windows)]
+        public async Task Token()
+        {
+            var auth = new TokenFileAuth("assets/token1");
+            var result = await auth.GetAuthenticationHeaderAsync(CancellationToken.None);
+            result.Scheme.Should().Be("Bearer");
+            result.Parameter.Should().Be("token1");
+
+            auth._token_file = "assets/token2";
+            result = await auth.GetAuthenticationHeaderAsync(CancellationToken.None);
+            result.Scheme.Should().Be("Bearer");
+            result.Parameter.Should().Be("token1");
+
+            auth._token_expires_at = DateTime.UtcNow;
+            result = await auth.GetAuthenticationHeaderAsync(CancellationToken.None);
+            result.Scheme.Should().Be("Bearer");
+            result.Parameter.Should().Be("token2");
+        }
+    }
+}

tests/KubernetesClient.Tests/assets/token1

@@ -0,0 +1 @@
+token1

tests/KubernetesClient.Tests/assets/token2

@@ -0,0 +1 @@
+token2